Sign up or log in to save this to your schedule and see who's attending!

We create containers by reusing several pieces of software from disparate locations, internal and external to our organization. We then rely on the providers (trusted or not) of the pieces to publish the software component list, or we run vulnerability and compliance scan tools against the fully built containers before pushing it to an internal registry. These methods are more fail safes than applying software delivery best practices, i.e., start from a well defined Bill of Materials (BoM).

Can we build a container from a well defined software component manifest? What would that manifest look like? This BoF is to discuss what we need in order to build a better container delivery pipeline that adheres to software delivery best practices. To kick us off, I will present a survey on currently used tools and practices.